skip navigation

More signal. Less noise.

Get your copy of the definitive guide to threat intelligence.

We brought together a team of experts and wrote the definitive guide to everything you need to know about threat intelligence. Whether you work in vulnerability management, incident response, or another part of cybersecurity, our book has something for you. Get your free copy of “The Threat Intelligence Handbook” now.

Daily briefing.

Fifth Annual Cybersecurity Conference for Executives

So does regulation have a downside? Its promised upside is clear enough: an analogue of public health and public safety measures, transposed to cyberspace. In a keynote that opened the proceedings at Johns Hopkins this week, Dr. Phyllis Schneck, Managing Director of the Global Cyber Solutions practice at Promontory Financial Group, began by drawing attention to the well-known principle that compliance isn't sufficient for security, still less synonymous with it.

She offered regulation of personally identifiable information (PII) as an example of regulatory insufficiency. PII is widely regulated, but there is a wealth of other types of data that aren’t, and which, when aggregated, can be at least as revelatory as what we commonly think of as PII. Information such as location data and buying habits, for example, can be just as valuable to an attacker as it is to the companies that collect the data.

One of the problems with regulation, she said, is that it shows the bad guys what you’re not doing, so they can invest their time and money into targeting areas that are unprotected. Attackers will always be ahead, because defenders have laws that restrict their actions. Attackers can adapt more quickly to new information, and they’re generally more open to sharing information with other attackers. Operational resilience is the only way to address this problem, Schneck argued. Companies need to have their recovery strategies set up in advance. She stressed that rehearsal is a necessary component of resilience. Companies need to ask themselves what they would do “if all the lights went out tomorrow,” so that they’re not dealing with that question when the lights actually do go out.

John Forte, Deputy Executive for Johns Hopkins University Applied Physics Laboratory’s Homeland Protection Mission Area, delivered the closing keynote. He took as his text the proliferation of interconnected devices. transportation, healthcare, buildings and cities, education, public safety are increasingly automated, and CISOs are going to need to deal with trend soon. IoT devices will be used to assist in countless tasks, and all of these devices need to interact with each other. The challenge is getting them to interact securely, and building them so they can’t be hacked.

Forte said that the traditional consideration for a CISO is aligning the risk to the mission; in the future, however, CISOs will increasingly need to become business strategists. What CISOs need to start doing today is designing open, resilient, zero-trust architectures, mastering the supply chain, and enhancing automation and the use of AI. Forte noted that we’re currently in the very beginning stages of artificial intelligence.

We'll have other notes on the Cybersecurity Conference for Executives available later.

Forty-nine people are dead in Christchurch, New Zealand, as anti-Muslim terrorists shot up two mosques during Friday prayers. Police have made four arrests, and one man has been charged with murder. Intent to carry out the massacre was announced online shortly before the murders began. The New York Times says a manifesto seeking the sadly familiar goals of terror and depraved inspiration also linked a shooter's Facebook page, where some seventeen minutes of the massacre were subsequently live-streamed, apparently from a camera worn by the shooter. Investigation continues. The video has been taken down, and authorities urge anyone who may have it to refrain from sharing.

Researchers at Group-IB late yesterday reported that seven online stores based in the UK and the US were infected with a new and evasive JavaScript sniffer that Group-IB calls "GMO." They first discovered the malware on sporting goods site FILA UK.

China's National People's Congress, Agence France Presse reports, has approved a law said to be intended to inhibit government agencies from forcing foreign companies to give proprietary technology to their Chinese partners in joint ventures. The bill also makes a gesture in the direction of establishing mechanisms for adjudicating disputes over intellectual property among Chinese and international partners. The measure is widely seen as a peaceful gesture in the direction of Washington as Sino-American trade negotiations enter what appears to be their endgame, but few observers think the law will have much of an effect on Chinese conduct with respect to intellectual property.

Notes.

Today's issue includes events affecting Australia, China, France, Iran, Israel, Japan, Montenegro, NATO/OTAN, New Zealand, North Macedonia, Pakistan, Russia, Ukraine, United States.

Earn Your Master’s in Cybersecurity from Georgetown

Looking to advance your cybersecurity career? Check out Georgetown University's graduate program in Cybersecurity Risk Management. Ideal for working professionals, our program offers flexible options to take classes online, on campus, or through a combination of both—so you don’t have to interrupt your career to earn your degree. You'll leave the program with the expertise you need to effectively manage risks and navigate today’s increasingly complex cyber threats. Explore the program.

In today's podcast, out later this afternoon, we speak with our partners at Cisco Talos as Craig Williams provides an update on cryptominers. Our guest is Nirmal John, author of the book, Breach: Remarkable Stories of Espionage and Data Theft and the Fight to Keep Secrets Safe.

OSSEC Con2019 (Herndon, Virginia, United States, March 20 - 21, 2019) OSSEC Con2019, “The Future of OSSEC: Security and Compliance for Cloud, On-Premise and Hybrid Environments” will take place March 20-21 in Herndon, VA. Join OSSEC users to share best practices and use cases with plenty of peer-to-peer networking.

Cyber Attacks, Threats, and Vulnerabilities

Israel suspects Iran of hacking election frontrunner Gantz's phone: TV (Reuters) Israel's Shin Bet security service suspects Iran of hacking the mobile phon...

Protip: If you'd rather cyber-scoundrels didn't know the contents of your comp, don't apply for a Pakistani passport (Register) Compromised government website slurps buttload of data about applicants

As Russians protested ‘Internet isolation’ last weekend, hackers launched DNS attacks against Yandex, exploiting flaws in the government’s censorship system (Meduza) Several major Russian Internet companies, including Yandex and the news outlet RBC, suffered massive network attacks this week that were made possible by vulnerabilities in the system the federal government uses to block websites.

US Warns of Sophisticated Cyberattacks From Russia, China (SecurityWeek) Cyberattacks from Russia, China, North Korea and Iran are increasingly sophisticated and, until recently, were done with little concern for the consequences, the top Pentagon cyber leaders told a congressional committee.

Top Pentagon officials say Google work is 'benefiting the Chinese military' (TheHill) Top defense officials on Thursday blasted Google for its work in China, saying that the company’s efforts are serving the interests of the U.S. adversary.

Analysis | Is China’s cyberespionage a military game-changer? (Washington Post) There's no magical shortcut to catch up on the latest weapons tech.

Here’s how other nations measure up in electronic warfare (C4ISRNET) Other nations are seeking to deny U.S. forces the ability to communicate.

The Hunt: ISIS trying to reposition its messaging (WTOP) What’s ISIS’s message now that it has lost all of the territory it once held in Syria and Iraq? On this week’s edition of The Hunt with WTOP national security correspondent J.J. Green, an American…

Making it Rain - Cryptocurrency Mining Attacks in the Cloud (AT&T Alien Labs) By Chris Doman and Tom HegelOrganizations of all sizes have made considerable shifts to using cloud-based infrastructure for their day-to-day business operations. However, cloud security hasn't always kept up with cloud adoption, and that leaves security gaps that hackers are more than happy to take advantage of.One of the most widely observed objectives of attacking an organization's cloud infrastructure has been for cryptocurrency mining. Despite recent falls in cryptocurrency

A new rash of highly covert card-skimming malware infects ecommerce sites (Ars Technica) GMO sniffer infected Fila UK for 4 months. Six US sites remain compromised.

Payment data of thousands of customers of UK and US online stores could have been compromised (Group-IB) Group-IB, an international company that specializes in preventing cyberattacks, has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US. The injected code has been identified as a new JavaScript Sniffer (JS Sniffer), dubbed by Group-IB as GMO. Group-IB Threat Intelligence team first discovered the GMO JS Sniffer on the website of the international sporting goods company FILA UK, which could have led to the theft of payment details of at least 5,600 customers for the past 4 months.

Windows Security Warning: New Exploit Is Targeting Versions 8 to 10 (Forbes) Users encouraged to patch immediately after new vulnerability found by security firm Kaspersky used in targeted attacks by at least two threat actors

Proof-of-concept code published for Windows 7 zero-day (ZDNet) More details emerge about the two Windows zero-days that Microsoft patched this Tuesday.

Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware (ZDNet) Dr.Web: 39 percent of all Counter-Strike 1.6 servers were malicious and tried to infect users with malware.

Belonard Trojan spread via zero days in Counter-Strike 1.6 (SC Media) Cybercriminals are exploiting zero day vulnerabilities in an old game Counter-Strike 1.6 to spread the Belonard Trojan.

Chinese e-commerce giant Gearbest leaks millions of records, researcher finds - CyberScoop (CyberScoop) An unsecured database has exposed records about millions of customer transactions from the Chinese e-commerce giant Gearbest, security researcher Noam Rotem has announced.

Beware of Bitcoin Investment Emails Pushing Clipboard Hijackers (BleepingComputer) A new malspam campaign is under that contains an attachment that when executed will install a Windows clipboard hijacker that attempts to steal Bitcoins from its victims.

Many Security Apps on Google Play Inefficient, Fake: Study (SecurityWeek) AV-Comparatives has analyzed 250 antimalware Android applications offered on Google Play and found that many either fail to detect threats or they are simply fake.

Most Antivirus Apps on Google Play Suck at Detecting Malware (PCMAG) The findings come from antivirus testing group AV-Comparatives, which tested 250 Android security apps to see how they performed against common malware strains. The reputable brands generally performed well, while the lesser-known ones fared poorly.

Fake DHL Urgent Delivery notice delivers Gandcrab 5.2 ransomware | My Online Security (My Online Security) Yet another Gandcrab ransomware campaign. This time spoofing DHL Express with a fake delivery notification email. This delivers Gandcrab 5.2 ransomware that currently does not have free decryption…

Ransomware's New Normal (Dark Reading) GandCrab's evolution underscores a shift in ransomware attack methods.

Cyber criminals increasingly favouring 'low and slow' stealth attacks (ComputerworldUK) A "low and slow" approach to financially driven cyber attacks has overtaken ransomware as the chief attack vector as criminals seek to extort money by stealth using crypto mining-based malware.

Report Shows Cryptojacking Is Prime Example of Shift Towards Discreet Cyberattacks (Cointelegraph) A recent report shows that cryptojacking is a prime example of cybercriminals’ shift to “low and slow” attack approaches.

Location-Aware Malware Targets Japanese and Korean Endpoints (Security Boulevard) New malware samples use location awareness to specifically target Japanese and Korean endpoints. The malware uses two techniques to determine the location in which it is being executed and ensures that the payload will only be triggered in these regions. This approach matches two trends: 1) docs performing regional checks in targeted attacks, and 2) The post Location-Aware Malware Targets Japanese and Korean Endpoints appeared first on Bromium.

Unsecured Database Exposed 33 Million Job Profiles in China (BleepingComputer) An unsecured database containing the resumes and personal information of approximately 33 million people seeking jobs in China has been exposed online.

LCDS - Leão Consultoria e Desenvolvimento de Sistemas Ltda ME LAquis SCADA ELS Files (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 7.8ATTENTION: Low skill level to exploitVendor: LCDS—Leão Consultoria e Desenvolvimento de Sistemas Ltda MEEquipment: LAquis SCADAVulnerability: Out-of-Bounds Write2. RISK EVALUATIONSuccessful exploitation of this vulnerability could allow remote code execution.

PEPPERL+FUCHS WirelessHART-Gateways (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 5.3ATTENTION: Exploitable remotely/low skill level to exploit/public exploits are availableVendor: PEPPERL+FUCHSEquipment: WirelessHART-GatewaysVulnerability: Path Traversal2. RISK EVALUATIONSuccessful exploitation of this vulnerability could allow access to files and restricted directories stored on the device through the manipulation of file

Gemalto Sentinel UltraPro (ICS-CERT) 1. EXECUTIVE SUMMARYCVSS v3 6.5ATTENTION: Low skill level to exploitVendor: GemaltoEquipment: Sentinel UltraProVulnerability: Uncontrolled Search Path Element2. RISK EVALUATIONSuccessful exploitation of this vulnerability could allow execution of unauthorized code or commands.

Facebook claims server configuration change caused 14-hour outage to Facebook, Instagram and WhatsApp (Computing) BGP protocol shenanigans ruled out as Facebook admits outage was caused by its own engineers

Was The Facebook Outage A Cyber-Attack? (Forbes) Facebook and Instagram users were unable to access the service yesterday. So what happened?

‘Yelp for Conservatives’ Pulled From App Store Over Security Flaws (The Daily Beast) Security threat detected in app that helps people find Trump-friendly restaurants.

Kathmandu ‘urgently investigating’ cyber attack (My Business) Listed outdoors wear retailer Kathmandu has announced that it is “urgently investigating” a security breach that recently hit its trading websites.

Security Patches, Mitigations, and Software Updates

Code Execution Flaw Found in Sonatype Nexus Repository Manager (SecurityWeek) An unauthenticated remote code execution vulnerability has been found and patched in Sonatype’s Nexus Repository Manager, an open source development tool installed on over 150,000 servers.

Cisco Patches Critical ‘Default Password’ Bug (Threatpost) Vulnerability allows adversaries to access monitoring system used to gathering info on operating systems and hardware.

Default Account in Cisco CSPC Allows Unauthorized Access (SecurityWeek) Researcher discovers that Cisco’s CSPC product, which collects information from Cisco devices installed on a network, has a default account that can provide access to unauthorized users.

Cyber Trends

Unmasking War’s Changing Character (Modern War Institute) “Perhaps wars weren’t won anymore. Maybe they went on forever.” — Ernest Hemingway, A Farewell to Arms   War used to be easy to define. Once, we could say with confidence whether we were at war or peace. If the former, we could identify with whom we were fighting and where the front was. Americans …

Mobile Security Index 2019 (Verizon) It’s been another headline-grabbing 12 months for cybersecurity.

Sentiment analysis — Quartz Obsession (Quartz) Sentiment analysis: How corporations are reading your mind

90% of consumers value additional security measures to verify mobile-based transactions (Help Net Security) Nine in ten consumers value additional security measures to verify mobile-based transactions before the transaction is completed.

Do people with malicious intent present the biggest threat to personal data? (Help Net Security) According to Apricorn's latest social media poll, sixty five percent of respondents believe that humans pose the biggest threat to their personal data.

Marketplace

Huawei CEO tries to deflect cybersecurity spotlight onto Ericsson and Cisco (Telecoms.com) It was just a matter of time before Huawei played the whataboutism card and Founder/CEO Ren Zhengfei couldn’t resist in a recent interview.

ZTE’s State Owner to Cut Its Stake (Wall Street Journal) The state-backed owner of China’s ZTE said it would sell up to 3% of the shares outstanding in the telecom giant, which is recovering from a bruising run-in with U.S. authorities last year.

ZTE says open to product testing by Indian govt to allay security concerns; to ramp up hiring (ETTelecom.com) Chinese telecom gear maker ZTE said that it is open to evaluation and testing of its products and solutions by any global authority, including the Ind..

Deloitte buys risk consultancy Converging Data Australia (Consultancy) Deloitte has acquired Sydney-based risk consultants Converging Data Australia, with its founder and team joining the Big Four firm’s Risk Advisory practice.

Octo Consulting Gets in on $2.5B Securities and Exchange Commission’s ONE IT Contract (WashingtonExec) Octo Consulting won a spot on the Securities and Exchange Commission’s ONE IT indefinite delivery-indefinite quantity vehicle, a 10-year $2.5 billion

Alphabet Cybersecurity Startup May Pressure Data Analytics Firms (Investor's Business Daily) The annual RSA conference is always a place for cybersecurity startups to make a splash as the industry focuses on new ways to thwart hacker and malware attacks.

For Cisco, the future of security is being shaped by software-defined networking (CSO) Cisco Live! 2019 emphasised the role of analytics, automation, and other software in building responsive security architectures

Carbon Black Painted Red, So We Committed Some Green (Seeking Alpha) Another quarterly beat but guidance just below expectations set this name up for a trade. We discuss our trade but note that upside remains as positive free cas

Two Top Facebook Executives Leaving Company (Wall Street Journal) Two Facebook Inc. senior executives said Thursday that they would leave the company—surprise departures that come days after CEO Mark Zuckerberg announced a major shift in direction for the company.

Products, Services, and Solutions

Juniper Networks unveils ‘connected’ security architecture (ARN) Juniper Networks has rolled out a new security architecture that will connect and operate with an enterprise customer's existing stack of products.

NS1 releases new solution to protect organizations and their customers from DNS attacks (Help Net Security) NS1 unveiled the Domain Security Suite designed to keep organizations and their customers safe from a growing number of DNS threats.

Forcepoint-Enabling Cybersecurity with Behavioural Analytics Solution (BFSI) Forcepoint delivers integrated behavior-based security solutions, that have been perfectly adapted to suit the industrial environment, specifically, products that provide more visibility into the potential threats, says Harshil Doshi, Strategic Security Solutions Head, Forcepoint.

Entrust Datacard's new guide provides actionable technical guidance for IoT stakeholders (Help Net Security) Entrust Datacard announced its contribution to the new Security Maturity Model (SMM) Practitioner’s Guide, published by the Industrial Internet Consortium.

TitanHQ Adds Sandboxing and DMARC Authentication to SpamTitan Email Security (PR Newswire) SpamTitan email security customers, both new and existing, got a pleasant surprise earlier this ...

Everbridge launches Crisis Management solution to help organizations manage critical events (Help Net Security) Everbridge launched a Crisis Management solution, to help organizations manage the lifecycle of a critical event and accelerate response and recovery times.

Darktrace Launches Antigena Cyber AI to Fight Back Against Cyber Threats in Seconds (IT Toolbox) Darktrace, the AI company for cyber defense, has announced new Antigena AI Response modules that fight back autonomously, no matter where a threat may emerge.Expanding beyond network response, the new modules include Cloud (AWS & Azure), Email (Office365), and SaaS applications. Whether faced with a social engineering campaign, compromised cloud...

Onapsis and Exabeam improve monitoring, threat detection, incident response and compliance (Help Net Security) Onapsis announced a technology alliance and product integration with Exabeam to give security teams access to ERP vulnerability logs in their SIEM.

BlueVoyant and IronNet Cybersecurity Form Partnership to Provide Cyber Collective Defense Capabilities to Energy Providers (PR Newswire) BlueVoyant and IronNet Cybersecurity today announced a partnership to deliver advanced, collective cyber defense and...

Technologies, Techniques, and Standards

5G Is Coming for Real, but It Will Cost You (WIRED) Verizon said it will introduce 5G wireless service in selected areas in Chicago and Minneapolis on April 11, for an additional $10 a month.

Data breach reports delayed as organizations struggle to achieve GDPR compliance - Help Net Security (Help Net Security) Businesses routinely delayed data breach disclosure and failed to provide important details to the ICO in the year prior to the GDPR’s enactment.

The tug of war between infosec and the C-suite on cloud security (CIO Dive) "When it comes to cloud visibility, CIOs and CISOs can either be the problem or the solution," said FireMon's Tim Woods.

Protecting applications against DFA attacks (Help Net Security) There are several steps you can take to ensure that you are doing as much as possible to defend against DFA attacks. Learn more in this article from Arxan.

Thinking of threat intelligence as a contributing member of your security team (Help Net Security) Threat intelligence is widely considered as a significant asset for organizations, but implementation of this intelligence within security operations can

American Systems' Brian Neely: Defense Industry's Cyber Posture Must Address Emerging Threats (ExecutiveBiz) Brian Neely, chief information officer and chief information security officer for American Systems, said the company is looking forward to applying the crowdsourced security testing model to its third-party testing portfolio.

Design and Innovation

Is AI really intelligent or are its procedures just averagely successful? (Help Net Security) Learning algorithms appear to reach human capabilities, but it remains unclear whether the AI's decision making behavior is truly 'intelligent'.

Research and Development

DARPA Is Building a $10 Million, Open Source, Secure Voting System (Motherboard) The system will be fully open source and designed with newly developed secure hardware to make the system not only impervious to certain kinds of hacking, but also allow voters to verify that their votes were recorded accurately.

The quantum sea change: Navigating the impacts for cryptography (Help Net Security) Professionals in cybersecurity and cryptography (and even non-IT executives) are hearing about the coming threat from quantum computing. It’s reaching the

Academia

Cyber-Security Student Team Earns Regional Spot (University of Arkansas News) A U of A student cyber-defense team will return this month to the finals of an eight-school competition to see which university will emerge victorious at the end of a real-world cybersecurity gauntlet.

Legislation, Policy, and Regulation

NATO Weighs Allegations that Huawei Poses Security Risk (Military.com) Stoltenberg says some of NATO's 29 allies are uneasy about the potential security challenges of working with Huawei.

In testimony, Shanahan underlines it’s ‘China, China, China’ (Defense News) The National Defense Strategy remains the Pentagon's focus under acting Defense Secretary Shanahan.

China approves foreign investment law, possible US olive branch (Yahoo News) China's rubber-stamp parliament approved a foreign investment law Friday that may serve as an olive branch in trade talks with the United States, but it received a lukewarm welcome from business groups. The legislation aims to address long-running grievances from foreign firms including stronger

Putin’s Game Plan in Ukraine (Foreign Affairs) Moscow aims to force concessions out of Kiev.

More success means less boundaries in cyberspace (Fifth Domain) The Department of Defense is being open about its belief that a digital advantage requires operating outside U.S. networks on a daily basis.

Cyber Command’s midterm election work included trips to Ukraine, Montenegro, and North Macedonia (CyberScoop) Cyber Command personnel visited Montenegro, North Macedonia, and Ukraine to collaborate on network defense ahead of the 2018 midterm elections.

U.S. Navy Review Finds Evidence of Widespread Chinese Hacking (The Maritime Executive) The U.S. Navys RD ecosystem is under cyber siege by hackers, according to a new internal review orde...

SECURITY: Pentagon to utilities: Uncle Sam wants you (E&E News) The U.S. military is recruiting electric utilities and grid operators as partners in an aggressive new strategy aimed at spotting and blocking hackers before they launch a cyberattack on energy infrastructure.

Cornyn, Baldwin, Crapo, Brown Bill Will Protect Rail and Bus Manufacturing from China Threat (United States Senator John Cornyn, Texas) China’s “Made in 2025” initiative targets dominance in rail and bus manufacturing.Bill prevents federal transit funds from being used to purchase Chinese rail and bus assets.

Congress at SXSW: Yes, we’re dumb about tech, and here’s what we should do (Ars Technica) Representatives use SXSW to advocate for tech-research funding, Cyber National Guard.

Google needs breaking up, says news chief (Naked Security) And Oracle accused Google of creating shadow profiles of even non-users. Theirs are just two of 85 responses to an Australian inquiry.

House Members Voice Support for NSA/CyberCom ‘Dual-Hat’ Command (Meritalk) Two members of the House Armed Services Committee said at a hearing on Wednesday they support continuation of the “dual-hat” command structure which finds Gen. Paul Nakasone heading both U.S. Cyber Command and the National Security Agency.

What DOD Plans To Do With $9.6 Billion in Cyber Funding (Nextgov.com) Defense Department cyber leaders explained the 2020 budget request and offered insight into how U.S. Cyber Command is using its new acquisition authority.

Should CYBERCOM be granted more acquisition funds? (Fifth Domain) Some congressional leaders are questioning Cyber Command's needs given it has yet to exhaust what has already been provided.

Army Cyber to Become an Information Warfare Command (SIGNAL Magazine) The shift reflects the importance of integrated capabilities, above and beyond cyber.

Task Force Echo mission and transition is critical to American cybersecurity (DVIDS) Col. Brian Vile, commander of the 780th Military Intelligence (MI) Brigade (Cyber), hosted a transition of authority (TOA) ceremony between two Army National Guard (ARNG) formations whereby one cyber battalion transitioned with another to continue the Task Force Echo cyberspace mission.

Litigation, Investigation, and Law Enforcement

Christchurch shooting: 49 dead in terror attack at two mosques – live updates (the Guardian) Three in custody over mass shootings that also left 20 people seriously injured

Terror attacks on two New Zealand mosques have left nearly 50 people dead (Quartz) After shootings at two separate mosques in Christchurch, police urged mosques to "close your doors until you hear from us again."

In overwhelmingly bipartisan vote, House calls for Mueller report to be made public (Washington Post) Republicans joined Democrats to back a resolution calling on the Justice Dept. to release the special counsel’s full report to Congress and the public.

Documents shed light on Russian hacking of Democratic Party leaders (Washington Post) The papers from a lawsuit against BuzzFeed include a forensic analysis by a former top official in the FBI’s cyber crime division.

BBC scores first interview with one of 13 ‘Russian trolls’ indicted by Robert Mueller last year (Meduza) It’s been more than a year since the U.S. Justice Department indicted 13 “Russian trolls” for interfering in America’s 2016 presidential election.

"Активный патриот": обвиняемый в США рассказал о "фабрике троллей" (BBC News Русская служба) Один из 13 россиян из "списка Мюллера", обвиняемых во вмешательстве в выборы в США, признался Би-би-си, что сотрудничал с "фабрикой троллей". Правда, Сергей Полозов утверждает, что не знал, чем она занимается.

Lindsey Graham calls for investigation into FBI, DOJ (WBIR) Senator Lindsey Graham wants a new special counsel to look into the handling of the Hillary Clinton email investigation.

Peter Strzok: Clinton, DOJ struck deal that blocked FBI access to Clinton Foundation emails on her private server (Washington Examiner) Fired FBI agent Peter Strzok told Congress last year that the agency "did not have access" to Clinton Foundation emails that were on Hillary Clinton's private server because of a consent agreement "negotiated between the Department of Justice attorneys and counsel for Clinton."

Lisa Page testimony means DOJ might want to re-open case against Hillary Clinton (Washington Examiner) Lock her up?

Intelligence Community Veterans Blast Mueller's 'Forensic-Free Findings' (Sputnik) The group has regularly published analysis of publicly available data on the hack, and been entirely ignored by the mainstream media every step of the way.

The Intercept Shuts Down Access to Snowden Trove (The Daily Beast) First Look Media, the company that owns the Intercept, also announced that it was laying off several of the researchers who had been charged with maintaining the documents.

U.S. Senators Want Transparency on Senate Cyberattacks (SecurityWeek) Two lawmakers believe the U.S. Senate should inform senators about successful hacker attacks against the organization’s systems.

London link in Lucknow hotel cyber attack - Times of India (The Times of India) The cybercell of Lucknow police believes the recent ransomware attack on a city hotel could have been made from London.

MtGox bitcoin founder gets suspended sentence (France 24) The high-flying creator of the MtGox bitcoin exchange received a suspended jail sentence of two and a half years after a Japanese court Friday found him guilty on charges of data manipulation.

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Upcoming Events

National Cyber League Spring Season (Various, February 25 - March 24, 2019) The NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against...

The Future of Quantum Computing, Quantum Cryptography and Quantum Sensors (Boston, Massachussetts, USA, March 19 - 21, 2019) This must-attend summit offers comprehensive insights into the commercial future of all areas of quantum technology presenting the opportunities available today and future applications in business and...

OSSEC Open Source Security Conference (Herndon, Virginia, USA, March 20 - 21, 2019) With tens of thousands of global users, OSSEC is the world’s most widely used open source host-based intrusion detection system. Join this exclusive event on March 20-21, 2019 at the Dulles Hilton in Herndon,...

KNOW 2019 (Las Vegas, Nevada, USA, March 24 - 27, 2019) The Future of Trust starts at KNOW 2019, the definitive event focused on the data economy. From Facebook and Equifax to GDPR, identity data is at the forefront of cybersecurity and regulation. KNOW is...

Cyber Security for Critical Assets Summit (Houston, Texas, USA, March 26 - 28, 2019) The Cyber Security for Critical Assets Summit unites 250+ senior IT & OT security professionals to elucidate the most advanced cybersecurity information, debate policies and guidelines, and collaborate...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.